Hidden DIV is one of the most common malware type. This kind of injection usually looks like block of code enclosed between the DIV tag. The malware creators are usually hiding it via css properties using techniques such as negative positioning, but very common way is injection of obfuscated JavaScript code which purpose is not very clear and is hard to decode. Such JavaScript code is responsible for hiding the iframes or other page elements.